1. Field of the Invention
The present invention relates in general to computers, and more particularly to a method and process for implicit authentication to computer resources and error recovery.
2. Description of the Prior Art
Computers and connectivity to computers, particularly from remote locations, have increased dramatically and continue to increase. As a result, computers and their respective software and firmware applications are increasingly vulnerable to attack from unauthorized users. In general, it is more beneficial to prevent an unauthorized user from entering a computer environment than to take remedial action when the unauthorized user is already inside the environment. However, many phishing schemes and Trojan horses allow intruders access to compromised accounts in computing environments.
In the current art, there are already some solutions that recognize the need for an on-going user validation through mid-stream questions and the like. However, employing such techniques could alert the intruders to the fact that they are being monitored and experienced intruders might know the answers to even the toughest questions. Additionally, reauthorization questions consist of the same known information, much like the way certain websites periodically prompt for the user's password at random time intervals.
The idea of first “learning the behavioral patterns” of users and then comparing the behavioral patterns to the actual activities of suspect users are well documented for several decades. A number of issues, however, still remain unresolved with known approaches. By insisting on so-called “passive learning” of a user's behavior, room is left for false alarms. For example, in the case where a user performs new actions that have never been done before (e.g., they may have never been needed), the computing environment might give a false alarm and aggravate the user who tried to carry out a valid transaction and is now blocked, allegedly for his/her own security's sake.
Also, having two modes of operation, learn and active, implies that such a system cannot be used right away because it needs time to learn the actions of users. During that time, the computer system or computer environment is potentially exposed to attacks.